• @pinknoise
    link
    42 years ago

    You can use Signal with burner Sim, the old argument … but but it uses your phone number is nonsense.

    It’s not that easy to get anonymous SIM-cards in many countrys. Also it’s just incredibly inconvenient and insecure. (enables easy impersonation)

    But yes most matrix clients (and servers) suck big time.

    • CHEF-KOCH
      link
      -1
      edit-2
      2 years ago

      You can buy SIMs online via Monera and Bitcoin.

      It is really that easy, I do not post websites because it is a gray-zone but Google it and you find entire phones without SIM tracking and websites connected to it selling only the SIMs. Every scammer use this method.

      How is that insecure if I may ask. There is no attack scenario, SMS is simply not designed to be secure, you know that before you can send something. Impersonation is on all anonymous networks like Session a problem, this is not an exclusive SMS or Signal problem. God knows how many CHEF-KOCH fakes I already encountered on Telegram and Session. I stopped counting.

      Also secure networks like Session do not stop someone from data exfiltration attacks or if you leak information yourself others can use against you. SO those networks and so-called alternatives are by no means any real alternative, Signal is designed for friends, not strangers. My friends have my real-name and my phone number, not sure about your friends…

      • @pinknoise
        link
        22 years ago

        You can buy SIMs online via Monera and Bitcoin.

        I know, there are also sms-gateways and if you’re in the EU you can use a SIM from another EU country for quite cheap. It’s still inconvenient, may leak your location and is probably illegal.

        Impersonation is on all anonymous networks like Session a problem

        Using a mobile number as ID gives a false sense of authenticity. Signal only shows tiny warnings when someones “security code changes” when it should block further communication and show a warning that cannot be clicked away without knowing the implications.

        Also secure networks like Session do not stop someone from data exfiltration attacks or if you leak information yourself others can use against you.

        It’s impossible to defend against this at the software level.

        Signal is designed for friends, not strangers.

        Is your communication with friends less sensitive than that with strangers?

        • CHEF-KOCH
          link
          2
          edit-2
          2 years ago
          • Farming data without opt-in is also illegal and no one cares.
          • Using no authentication at all is also false sense of authenticity because you do not know who you are talking too which disqualifies Session. Another problem is you need to trust others servers, joining them without any chance to verify that these servers are not a honeypot or alt-right.
          • I agree there is no network nor software which prevents data exfiltration attacks. But this shows that the main issue is on users end, not the network.
          • My point is that you to 100 Percent already shared sensitive information, so there is no privacy intrusion if you use Signal. Signal is proven to be secure and the metadata stuff on the servers are so minimal that the feds cannot do anything at all with it. I do not see to suggest other IMs who had leaks in the last + there are no audits or evidence that it is really as secure as you think it is.

          Verification, at some point will so or so become a part in the EU, if not via SMS than age check, ID or whatever they come up with. The dream that you can be fully anonymous than this is what this is about ,not privacy, will end so or so, thanks to alt-right people who abuse every anonymous network to share illegal material, to scam others. The privacy argument is for most nothing but an excuse and the Govt is also not stupid and can see that. How is it helpful suggesting software or alternatives that are ore complicated to setup and you never know who you are talking too better, I do not see it, you run into more problems if you trust anonymous strangers, besides you can block on every Android phone at least Contacts and SMS permission without root if you dislike those permissions or features - some networks or alternatives do not even allow that.

          There are problems on both ends, not only centralization and decentralization does not solve all of mentioned problems. No beginner wants to setup his own server to just chat, and no one I know does that, so at the end of the day it anyway ends up trusting a random stranger with your data because you use his server, network with your data.

          I think Signal is good for beginners, like ever software it is not perfect and like every network nothing is fully anonymous. I do not see how Matrix beats simplicity, functionality and usability - right-now - over Signals for beginners. In fact by default depending on what server you are connected too on Matrix you are less secure. There is absolute no verification, so complaining about that Signals verification process is not perfect while Matrix ones is not existing or flawed is weird.